package io.sgr.oauth.server.authserver.core;

import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import io.sgr.oauth.core.OAuthCredential;
import io.sgr.oauth.core.exceptions.InvalidClientException;
import io.sgr.oauth.core.exceptions.InvalidGrantException;
import io.sgr.oauth.core.exceptions.InvalidRequestException;
import io.sgr.oauth.core.exceptions.InvalidScopeException;
import io.sgr.oauth.core.exceptions.ServerErrorException;
import io.sgr.oauth.core.exceptions.UnsupportedGrantTypeException;
import io.sgr.oauth.core.exceptions.UnsupportedResponseTypeException;
import io.sgr.oauth.core.utils.Preconditions;
import io.sgr.oauth.core.v20.GrantType;
import io.sgr.oauth.core.v20.ResponseType;
import io.sgr.oauth.server.core.AuthRequestParser;
import io.sgr.oauth.server.core.OAuthV2Service;
import io.sgr.oauth.server.core.TokenRequestParser;
import io.sgr.oauth.server.core.models.AuthorizationRequest;
import io.sgr.oauth.server.core.models.OAuthClientInfo;
import io.sgr.oauth.server.core.models.ScopeDefinition;
import io.sgr.oauth.server.core.models.TokenRequest;
import io.sgr.oauth.server.core.utils.OAuthServerUtil;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.text.MessageFormat;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.stream.Collectors;

/* loaded from: input_file:io/sgr/oauth/server/authserver/core/AuthorizationServer.class */
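public class AuthorizationServer {
    /** Authorization-code lifetime used when the builder was given no positive amount. */
    private static final int DEFAULT_AUTHORIZATION_CODE_EXPIRES_TIME_AMOUNT = 1;
    /** Unit paired with the lifetime when the builder was given no unit. */
    private static final TemporalUnit DEFAULT_AUTHORIZATION_CODE_EXPIRES_TIME_UNIT = ChronoUnit.MINUTES;
    /** Charset name used for every query-string value written into a redirect. */
    private static final String URL_ENCODING = "UTF-8";

    private final OAuthV2Service service;
    private final AuthorizationCodec<AuthorizationDetail> authCodec;

    /**
     * Collects the settings for an {@link AuthorizationServer}: the backing service, the issuer
     * and server secret handed to the authorization-code codec, and the code lifetime.
     */
    public static class Builder {
        private final OAuthV2Service service;
        private String issuer;
        // NOTE(review): the codec secret is held as a String and exposed through a public getter;
        // confirm nothing logs or serialises this builder.
        private String serverSecret;
        private Long authCodeExpiresTimeAmount;
        private TemporalUnit authCodeExpiresTimeUnit;

        private Builder(OAuthV2Service oAuthV2Service) {
            Preconditions.notNull(oAuthV2Service, "Missing implementation of " + OAuthV2Service.class);
            this.service = oAuthV2Service;
        }

        public OAuthV2Service getOAuthV2Service() {
            return this.service;
        }

        public String getIssuer() {
            return this.issuer;
        }

        /**
         * Sets the issuer passed to the authorization-code codec.
         *
         * @param issuer non-empty issuer name
         * @return this builder
         */
        public Builder setIssuer(String issuer) {
            Preconditions.notEmptyString(issuer, "Issuer needs to be specified");
            this.issuer = issuer;
            return this;
        }

        public String getServerSecret() {
            return this.serverSecret;
        }

        /**
         * Sets the secret passed to the authorization-code codec.
         *
         * @param serverSecret non-empty secret
         * @return this builder
         */
        public Builder setServerSecret(String serverSecret) {
            Preconditions.notEmptyString(serverSecret, "Server secret needs to be specified");
            this.serverSecret = serverSecret;
            return this;
        }

        public Long getAuthCodeExpiresTimeAmount() {
            return this.authCodeExpiresTimeAmount;
        }

        public TemporalUnit getAuthCodeExpiresTimeUnit() {
            return this.authCodeExpiresTimeUnit;
        }

        /**
         * Sets how long an issued authorization code stays valid.
         *
         * @param amount lifetime; {@code null} or a non-positive value falls back to the default in {@link #build()}
         * @param unit   unit of {@code amount}; {@code null} falls back to the default in {@link #build()}
         * @return this builder
         */
        public Builder setAuthCodeExpiresAfter(Long amount, TemporalUnit unit) {
            this.authCodeExpiresTimeAmount = amount;
            this.authCodeExpiresTimeUnit = unit;
            return this;
        }

        /**
         * Creates the server with a {@link JwtAuthorizationCodec} built from the issuer, the
         * server secret and the configured (or default) code lifetime.
         *
         * @return the configured server
         */
        public AuthorizationServer build() {
            // NOTE(review): issuer and serverSecret are validated only in their setters; if a caller
            // never sets them they reach JwtAuthorizationCodec as null. Confirm the codec rejects that.
            boolean hasAmount = this.authCodeExpiresTimeAmount != null && this.authCodeExpiresTimeAmount.longValue() > 0;
            long amount = hasAmount
                    ? this.authCodeExpiresTimeAmount.longValue()
                    : DEFAULT_AUTHORIZATION_CODE_EXPIRES_TIME_AMOUNT;
            // Amount and unit fall back independently: a supplied unit is kept even when the amount is defaulted.
            TemporalUnit unit = this.authCodeExpiresTimeUnit == null
                    ? DEFAULT_AUTHORIZATION_CODE_EXPIRES_TIME_UNIT
                    : this.authCodeExpiresTimeUnit;
            return new AuthorizationServer(
                    this.service,
                    new JwtAuthorizationCodec(this.issuer, this.serverSecret).setExpiresIn(amount, unit));
        }
    }

    private AuthorizationServer(OAuthV2Service oAuthV2Service, AuthorizationCodec<AuthorizationDetail> authorizationCodec) {
        Preconditions.notNull(oAuthV2Service, "Missing implementation of " + OAuthV2Service.class);
        this.service = oAuthV2Service;
        // The second guard must test the codec itself; testing the service again would let a null codec through.
        Preconditions.notNull(authorizationCodec, "Missing implementation of " + AuthorizationCodec.class);
        this.authCodec = authorizationCodec;
    }

    /**
     * Starts building a server on top of the given service implementation.
     *
     * @param oAuthV2Service backing service; must not be {@code null}
     * @return a new builder
     */
    public static Builder with(OAuthV2Service oAuthV2Service) {
        return new Builder(oAuthV2Service);
    }

    /**
     * Validates an authorization request before the user is asked for consent.
     *
     * <p>Checks run in this order: the client must exist, the redirect URI must be registered for
     * that client, every non-empty scope must be known, and the response type must be
     * {@code CODE}.
     *
     * @param request     raw request handed to {@code parser}
     * @param parser      turns {@code request} into an {@link AuthorizationRequest}
     * @param currentUser identifier of the signed-in user; must not be empty
     * @param locale      locale passed to the scope lookup
     * @return the validated request details, including whether the service reports the user as
     *         already having authorized the client for the requested scopes
     * @throws InvalidClientException           if the client id is unknown
     * @throws InvalidRequestException          if the redirect URI is not registered for the client
     * @throws InvalidScopeException            if a requested scope is unknown
     * @throws UnsupportedResponseTypeException if the response type is not {@code CODE}
     */
    public <T> AuthorizationDetail preAuthorization(T request, AuthRequestParser<T> parser, String currentUser, Locale locale) throws InvalidRequestException, InvalidClientException, InvalidScopeException, UnsupportedResponseTypeException {
        Preconditions.notNull(request, "Cannot parse from NULL");
        Preconditions.notNull(parser, "Parser needs to be specified");
        Preconditions.notEmptyString(currentUser, "Current user needs to be specified");
        AuthorizationRequest authRequest = parser.parse(request);
        ResponseType responseType = authRequest.getResponseType();
        String clientId = authRequest.getClientId();
        String redirectUri = authRequest.getRedirectUri();
        List<String> scopes = authRequest.getScopes();
        String state = authRequest.getState().orElse(null);

        OAuthClientInfo client = getOAuthV2Service().getOAuthClientById(clientId)
                .orElseThrow(() -> new InvalidClientException("Unauthorized client"));
        // The redirect target is checked against the client's registered callbacks before anything
        // is ever sent to it.
        if (!OAuthServerUtil.isRedirectUriRegistered(redirectUri, client.getCallbacks())) {
            throw new InvalidRequestException(MessageFormat.format("Redirect URI mismatch: {0}", redirectUri));
        }

        List<ScopeDefinition> scopeDefinitions = new LinkedList<>();
        for (String scopeId : scopes) {
            if (Preconditions.isEmptyString(scopeId)) {
                continue;
            }
            scopeDefinitions.add(getOAuthV2Service().getScopeById(scopeId, locale)
                    .orElseThrow(() -> new InvalidScopeException(MessageFormat.format("Invalid scope: {0}", scopeId))));
        }

        switch (responseType) {
            case CODE:
                return new AuthorizationDetail(responseType, client, currentUser, redirectUri, scopeDefinitions, state,
                        getOAuthV2Service().checkIfUserAuthorized(currentUser, clientId, scopes));
            default:
                throw new UnsupportedResponseTypeException(MessageFormat.format("Unsupported response type: {0}", responseType));
        }
    }

    /**
     * Builds the URL the user agent is redirected to once the user has approved or denied the
     * request.
     *
     * <p>The client-supplied {@code state} is URL-encoded before it is appended. Written raw, a
     * state containing {@code &} or {@code =} could add or override parameters (for example
     * {@code code} or {@code error}) in the redirect that the client receives.
     *
     * @param approved            {@code true} if the user granted access
     * @param authorizationDetail details returned by {@code preAuthorization}
     * @return the redirect URI carrying {@code state} (when present) and either {@code code} or
     *         the {@code access_denied} error parameters
     * @throws UnsupportedResponseTypeException if access was granted but the response type is not {@code CODE}
     * @throws ServerErrorException             if the authorization code cannot be generated
     */
    public String postAuthorization(boolean approved, AuthorizationDetail authorizationDetail) throws UnsupportedResponseTypeException, ServerErrorException {
        Preconditions.notNull(authorizationDetail, "Authorization detail needs to be specified");
        ResponseType responseType = authorizationDetail.getResponseType();
        StringBuilder location = new StringBuilder(authorizationDetail.getRedirectUri());
        String state = authorizationDetail.getState().orElse(null);
        if (!Preconditions.isEmptyString(state)) {
            appendQueryParam(location, "state", urlEncode(state));
        }

        if (!approved) {
            appendQueryParam(location, "error", "access_denied");
            appendQueryParam(location, "error_description", urlEncode("User denied the request"));
            return location.toString();
        }

        switch (responseType) {
            case CODE: {
                String code;
                try {
                    code = this.authCodec.encode(authorizationDetail);
                } catch (JwtException e) {
                    throw new ServerErrorException("Failed to generate authorization code");
                }
                // Encoding leaves a compact JWT (base64url segments joined by dots) unchanged and
                // keeps the query well-formed should the codec ever emit other characters.
                appendQueryParam(location, "code", urlEncode(code));
                return location.toString();
            }
            default:
                throw new UnsupportedResponseTypeException(MessageFormat.format("Unsupported response type: {0}", responseType));
        }
    }

    /**
     * Handles a token request for the {@code REFRESH_TOKEN}, {@code AUTHORIZATION_CODE} and
     * {@code PASSWORD} grant types.
     *
     * <p>The client is looked up by id and secret, and the redirect URI in the request must be
     * registered for it, before the grant-specific handling runs.
     *
     * @param request raw request handed to {@code parser}
     * @param parser  turns {@code request} into a {@link TokenRequest}
     * @return the credential produced by the service
     * @throws InvalidClientException        if no client matches the id and secret
     * @throws InvalidGrantException         if the redirect URI, refresh token, authorization code or user
     *                                       credentials are rejected
     * @throws InvalidRequestException       if a parameter required by the grant type is missing
     * @throws InvalidScopeException         if a requested scope is unknown (password grant)
     * @throws UnsupportedGrantTypeException for any other grant type
     * @throws ServerErrorException          if the service returns no credential
     */
    public <T> OAuthCredential generateToken(T request, TokenRequestParser<T> parser) throws InvalidRequestException, InvalidClientException, InvalidGrantException, InvalidScopeException, UnsupportedGrantTypeException, ServerErrorException {
        Preconditions.notNull(request, "Cannot parse from NULL");
        Preconditions.notNull(parser, "Parser needs to be specified");
        TokenRequest tokenRequest = parser.parse(request);
        String clientId = tokenRequest.getClientId();
        String clientSecret = tokenRequest.getClientSecret();
        String redirectUri = tokenRequest.getRedirectUri();
        GrantType grantType = tokenRequest.getGrantType();

        OAuthClientInfo client = getOAuthV2Service().getOAuthClientByIdAndSecret(clientId, clientSecret)
                .orElseThrow(() -> new InvalidClientException("Unauthorized client ID or secret"));
        // NOTE(review): this check runs for every grant type, so refresh-token and password
        // requests are also expected to carry a registered redirect URI. Confirm that is intended.
        if (!OAuthServerUtil.isRedirectUriRegistered(redirectUri, client.getCallbacks())) {
            throw new InvalidGrantException(MessageFormat.format("Unknown redirect URI: {0}", redirectUri));
        }

        final OAuthCredential credential;
        switch (grantType) {
            case REFRESH_TOKEN: {
                String refreshToken = tokenRequest.getRefreshToken()
                        .orElseThrow(() -> new InvalidRequestException("Missing refresh token"));
                if (!getOAuthV2Service().isValidRefreshToken(clientId, refreshToken)) {
                    throw new InvalidGrantException("Invalid refresh token");
                }
                credential = getOAuthV2Service().refreshAccessToken(clientId, refreshToken);
                break;
            }
            case AUTHORIZATION_CODE: {
                final String code = tokenRequest.getCode()
                        .orElseThrow(() -> new InvalidRequestException("Missing authorization code"));
                AuthorizationDetail detail;
                try {
                    // NOTE(review): the revoked-check and the revoke below are separate service
                    // calls; two concurrent requests with the same code could both pass the check
                    // unless the service makes the pair atomic.
                    if (getOAuthV2Service().isAuthorizationCodeRevoked(code)) {
                        throw new InvalidGrantException("Authorization code already been revoked");
                    }
                    try {
                        detail = this.authCodec.decode(code);
                    } catch (ExpiredJwtException e) {
                        // ExpiredJwtException is a subclass of JwtException, so it has to be caught
                        // first or the expiry message can never be produced.
                        throw new InvalidGrantException("Expired authorization code");
                    } catch (JwtException e) {
                        throw new InvalidGrantException("Unable to parse authorization code");
                    }
                } finally {
                    // The code is single-use: it is revoked on every path (valid, expired,
                    // unparsable, already revoked) and always before a token is issued.
                    // NOTE(review): unparsable input is revoked as well; confirm the revocation
                    // store bounds what it keeps.
                    getOAuthV2Service().revokeAuthorizationCode(code);
                }
                if (detail == null) {
                    throw new InvalidGrantException("Invalid authorization code");
                }
                if (!redirectUri.equals(detail.getRedirectUri())) {
                    throw new InvalidGrantException(MessageFormat.format("Redirect URI mismatch: {0}", redirectUri));
                }
                // NOTE(review): nothing here compares the client the code was issued to with the
                // authenticated clientId; only the redirect URI is matched. RFC 6749 section 4.1.3
                // expects the code to be bound to the requesting client. Add that comparison using
                // whatever accessor AuthorizationDetail offers for its client.
                String currentUser = detail.getCurrentUser();
                // The token receives the scopes the service already records as granted plus the
                // scopes carried in the code.
                HashSet<String> tokenScopes = new HashSet<>(getOAuthV2Service().getGrantedScopes(clientId, currentUser));
                for (ScopeDefinition scope : detail.getScopes()) {
                    tokenScopes.add(scope.getId());
                }
                credential = getOAuthV2Service().generateAccessToken(clientId, currentUser, tokenScopes);
                break;
            }
            case PASSWORD: {
                List<String> requestedScopes = tokenRequest.getScopes().orElse(Collections.emptyList());
                if (requestedScopes.isEmpty()) {
                    throw new InvalidRequestException("Missing scope");
                }
                List<String> scopeIds = new LinkedList<>();
                for (String scopeId : requestedScopes) {
                    if (Preconditions.isEmptyString(scopeId)) {
                        continue;
                    }
                    ScopeDefinition scope = getOAuthV2Service().getScopeById(scopeId, (Locale) null)
                            .orElseThrow(() -> new InvalidScopeException(MessageFormat.format("Unknown scope: {0}", scopeId)));
                    scopeIds.add(scope.getId());
                }
                String username = tokenRequest.getUsername()
                        .orElseThrow(() -> new InvalidRequestException("Missing username"));
                String password = tokenRequest.getPassword()
                        .orElseThrow(() -> new InvalidRequestException("Missing password"));
                String userId = getOAuthV2Service().getUserIdByUsernameAndPassword(username, password);
                if (Preconditions.isEmptyString(userId)) {
                    // One message for both causes, so the response does not reveal whether the username exists.
                    throw new InvalidGrantException("Unknown username or password");
                }
                // NOTE(review): every known scope the client asks for is added to the token without a
                // consent step or a per-client allow-list visible here. Confirm the service enforces one.
                HashSet<String> tokenScopes = new HashSet<>(getOAuthV2Service().getGrantedScopes(clientId, userId));
                tokenScopes.addAll(scopeIds);
                credential = getOAuthV2Service().generateAccessToken(clientId, userId, tokenScopes);
                break;
            }
            default:
                throw new UnsupportedGrantTypeException(MessageFormat.format("Unsupported grant type '{0}'", grantType));
        }

        if (credential == null) {
            throw new ServerErrorException("Unable to generate access token");
        }
        return credential;
    }

    private OAuthV2Service getOAuthV2Service() {
        return this.service;
    }

    /**
     * Appends {@code name=value} to {@code url}, adding {@code ?} when the URL has no query yet
     * and {@code &} when the query already has content. {@code value} must already be encoded.
     */
    private static void appendQueryParam(StringBuilder url, String name, String value) {
        if (url.indexOf("?") < 0) {
            url.append("?");
        }
        if (url.lastIndexOf("?") != url.length() - 1) {
            url.append("&");
        }
        url.append(name).append("=").append(value);
    }

    /** Form-encodes {@code value} as UTF-8 for use as a query-string value. */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, URL_ENCODING);
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform must support, so this is not expected to happen.
            throw new RuntimeException(e);
        }
    }
}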
